United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 

Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 
www.uspto.gov 



APPLICATION NO.: 10/630,162
FILING DATE: 07/30/2003
FIRST NAMED INVENTOR: Irena Hudis
ATTORNEY DOCKET NO.: 13768.429
CONFIRMATION NO.: 7646



47973 7590 01/07/2011 

WORKMAN NYDEGGER/MICROSOFT 
1000 EAGLE GATE TOWER 
60 EAST SOUTH TEMPLE 
SALT LAKE CITY, UT 84111



EXAMINER 



POPHAM, JEFFREY D 



PAPER NUMBER 



2491 



01/07/2011 



DELIVERY MODE 



PAPER 



Please find below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 



PTOL-90A (Rev. 04/07) 





Application No.: 10/630,162
Applicant(s): HUDIS ET AL.
Examiner: JEFFREY D. POPHAM
Art Unit: 2491





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 02 November 2010.
2a) [X] This action is FINAL. 2b) [ ] This action is non-final.
3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 24,25,27,28,34,36-38 and 41-47 is/are pending in the application.
4a) Of the above claim(s) 46 and 47 is/are withdrawn from consideration.
5) [ ] Claim(s) is/are allowed.
6) [X] Claim(s) 24,25,27,28,34,36-38 and 41-45 is/are rejected.
7) [ ] Claim(s) is/are objected to.
8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.
10) The drawing(s) filed on 30 July 2003 is/are: a) [X] accepted or b) [ ] objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:
1. [ ] Certified copies of the priority documents have been received.
2. [ ] Certified copies of the priority documents have been received in Application No. .
3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.



Attachment(s) 

1) [ ] Notice of References Cited (PTO-892)
2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)
3) [ ] Information Disclosure Statement(s) (PTO/SB/08)
Paper No(s)/Mail Date .
4) [ ] Interview Summary (PTO-413)
Paper No(s)/Mail Date. .
5) [ ] Notice of Informal Patent Application
6) [ ] Other: .



U.S. Patent and Trademark Office 

PTOL-326 (Rev. 08-06) 



Office Action Summary 



Part of Paper No./Mail Date 20101221 



Application/Control Number: 10/630,162 Page 2

Art Unit: 2491 

Remarks 

Claims 24, 25, 27, 28, 34, 36-38, and 41-47 are pending. 

Claims 46-47 are withdrawn from consideration as outlined in the election by 

original presentation below. 

Claims 24, 25, 27, 28, 34, 36-38, and 40-45 are rejected. 



Response to Arguments 

1. Applicant's arguments filed 11/2/2010 have been fully considered but they
are not persuasive.

Applicant provides arguments regarding the 101 rejection of claims 34, 38, 
40-43, and 45, stating that Applicant believes them to be statutory as the instant 
application differentiates between storage and communication media. However, 
as described in the 101 rejection, a storage medium may be a signal, as the 
definition of a storage medium includes a signal, and Applicant has not provided 
any alternative definition in the application. It is noted that Applicant states 
"Applicant expressly disclaims any coverage in claims 34, 38, 40-43, and 45 to
the extent "computer-readable media" could be interpreted to require only a
single without any additional physical, article of manufacture." However,
disclaiming a single medium does not appear to be what Applicant intends. If 
Applicant intends to disavow the medium being a signal, Applicant must properly 
state that all claims directed to a medium will not be enforced with respect to 
signals. 

Applicant argues that "the cited art fails to disclose or reasonably support
that identification and/or granting of administrative rights in a new non- 
overlapping zone after the previously existing zone is split, as such is recited in 
combination with the other claim elements." Applicant goes on to argue, with 
respect to Glasser, that "splitting a zone occurs in Glasser by initially selecting a 
change to a resource permission, and then applying the change to create the 
new zone. In direct contrast, the pending claims generate permissions after the 
zone is created, rather than identifying and generating changed permissions as a 
first instance." However, Glasser also teaches adding a user to an ACL for a 
particular resource when the resource already has an ACL, as opposed to when 
the resource inherits an ACL. Therefore, as Applicant notes, a new zone is 
created when an inherited ACL is changed, thereby forming a new ACL that is 
propagated to the new zone, while the remaining items not affected by this
previously-inherited ACL change remain in the remaining previous zone. This is 
the situation in which "a new ACL will be created for the folder" (Column 8, lines 
59-60). However, once this folder already has an ACL, "the changes made to the 
display list are merged with the previous contents of the ACL to form the updated 
ACL" (Column 8, lines 61-63). As one can see, the items within this zone (e.g. 
controlled by this possibly propagated ACL) remain the same, however, a new 
user is added to the ACL and, thereby, given rights to the items within that zone. 
Therefore, one can see that Glasser teaches adding rights for additional 
principals to this precise previously-split zone (as it already has its own ACL) 
after the zone is created (at any time a user is added to this ACL). 






Election/Restrictions 

2. Newly submitted claims 46-47 directed to an invention that is independent 
or distinct from the invention originally claimed for the following reasons: 

Claim 46 states that the new security zone is created "without any security 
rules associated therewith", which is the exact opposite of the previously 
presented claims. As an example, claim 24 explicitly states that "for any 
principals that had existing rights in the existing non-overlapping security zone ... 
an act of retaining those existing rights in the new non-overlapping security 
zone". It is further noted that the application as originally filed specifies that 
these are different embodiments (e.g. paragraph 41 stating that "In other 
embodiments of the invention, the first zone does not include any security rules 
after it is created and all new security rules must be created for the first zone"). 
Therefore, the inventions are independent or distinct as they are different 
embodiments and provide mutually exclusive subject matter therein. 

Since applicant has received an action on the merits for the originally 
presented invention, this invention has been constructively elected by original 
presentation for prosecution on the merits. Accordingly, claims 46-47 are 
withdrawn from consideration as being directed to a non-elected invention. See 
37 CFR 1.142(b) and MPEP § 821.03.



Claim Rejections - 35 USC §101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or
composition of matter, or any new and useful improvement thereof, may obtain a patent 
therefor, subject to the conditions and requirements of this title. 

3. Claims 34, 38, 40-43, and 45 are rejected under 35 U.S.C. 101 because 
the claimed invention is directed to non-statutory subject matter. 

Claim 34 is directed to a computer program product comprising "one or 
more computer-readable storage media". Such media are described in the 
application in an open-ended manner using examples. As the definition of a 
computer readable storage medium includes a signal, use of such computer 
readable storage media in the claims includes this interpretation of the media 
being signals. Therefore, as the computer readable storage media of claim 34 
are not inherently physical components (e.g. CD, DVD), the claim is non- 
statutory. In order to overcome this 101 rejection, simply adding "non-transitory" 
before "computer-readable storage media" should be sufficient to make the claim 
statutory. Claims 38, 40-43, and 45 are dependent from claim 34 and do not fix 
the issue with the computer readable storage media. Therefore, claims 38, 40- 
43, and 45 are rejected for the same reasons. 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

4. Claims 24, 25, 27, 28, 34, 36-38, and 40-45 are rejected under 35 U.S.C.
103(a) as being unpatentable over Glasser (U.S. Patent 6,061,684) in view of
Nowicki (U.S. Patent 7,146,377).

Regarding Claim 24, 

Glasser discloses in a computer system, the computer 
system including system memory, a processor, and a computer- 
readable medium, a data store and a method store being stored on 
the computer-readable medium, the data store and method store 
arranged together in a combined item hierarchy on the computer- 
readable medium, the data store having at least one data item that 
depends from a method in the method store and the method store 
having at least one method that depends from data in the data 
store, the combined item hierarchy being divided into one or more 
non-overlapping security zones, each of the one or more non- 
overlapping security zones being defined as a grouping of one or 
more data items and one or more method items having common 
security rules such that principals with rights to items in a non- 
overlapping security zone can treat all items in the non-overlapping 
security zone uniformly in accordance with common security rules, 
a method of authenticating principal identity and then splitting the 
one or more non-overlapping security zones into a plurality of non- 
overlapping security zones to facilitate more efficient assignment of 
rights to principals, comprising: 

An act of accessing a first ACL, the first ACL defining rights
based on common security rules that principals are to have in an 
existing non-overlapping zone from among the one or more non- 
overlapping zones (Column 7, line 41 to Column 8, line 39; and 
Column 9, line 58 to Column 10, line 29; authentication and 
permission checks for administrators, such permissions for 
modifying other permissions; authentication and permission checks 
for a normal user; and/or accessing ACLs for setting permissions 
by an administrator, as examples); 

An act of accessing authentication information that specifies 
the identity of the principals that are to have the rights in the 
existing non-overlapping zone (Column 7, line 41 to Column 8, line 
39; and Column 9, line 58 to Column 10, line 29; as just described);

An act of authenticating the principals by verifying the 
identity of the principals by using the authentication information and 
by verifying that the principals are to have the rights defined in the 
first ACL (Column 7, line 41 to Column 8, line 39; and Column 9, 
line 58 to Column 10, line 29; as just described);

An act of identifying a grouping of data items and method 
items in the combined item hierarchy (Figure 4; and Column 4, lines 
20-35; showing that the hierarchical file system includes files, 
wherein the files are data files, program files, or other computer 
information files. Hereafter, any time data and method items are 
referenced with respect to Glasser, this citation is pertinent, but will
not be identified in each instance, in order to provide clear 
reference to pertinent citations) for which new common security 
rules are to be enforced, the identified grouping of data items and 
method items currently included in the existing non-overlapping 
zone, existing common security rules being enforced within the 
existing non-overlapping zone, the new common security rules 
differing from the existing common security rules being enforced 
within the existing non-overlapping zone (Column 7, lines 41-64; 
Column 8, lines 27-39; and Column 8, line 55 to Column 9, line 25; 
a resource is selected, wherein the resource will be given different 
rules than the resource's parent (where the parent has an ACL that 
is inherited by the selected resource) and, likewise, the rest of the 
resources that inherit the ACL of the parent. The change to rights 
will include providing the selected resource with a new ACL, which 
will be propagated and inherited by resources descending from the 
selected resource); 

An act of the processor re-configuring the one or more non- 
overlapping security zones so that rights can be assigned at a 
granularity that is finer than an entire database yet coarse enough 
so as to not require assignment for each item, including: 

An act of splitting the existing non-overlapping
security zone into a new non-overlapping security zone and
a remnant of the existing non-overlapping security zone, the
arrangement of the new non-overlapping security zone 
relative to the remnant of the existing non-overlapping 
security zone based on the location of the identified grouping 
of data items and method items within the combined item 
hierarchy, the new non-overlapping security zone for 
containing the identified grouping of data items and method 
items, the remnant of the existing non-overlapping security 
zone containing at least one data item or method item from 
the existing non-overlapping security zone, wherein the 
splitting is restricted in such a way as to prevent overlapping 
between security zones and such that none of the data items 
and method items are included in more than one security 
zone (Figure 4; Column 7, lines 41-64; Column 8, lines 27- 
39; and Column 8, line 55 to Column 9, line 25); 

For any principals that had existing rights in the existing non-
overlapping security zone based on the existing common security
rules being enforced in the existing non-overlapping security zone 
at the time the existing non-overlapping security zone was split, an 
act of retaining those existing rights in the new non-overlapping 
security zone, including in the identified grouping of data items and 
method items, subsequent to splitting the existing non-overlapping 
security zone and subsequent to labeling to represent that the 
identified grouping of data items and method items are contained in
the new non-overlapping security zone (Figures 4-5; Column 7, 
lines 41-64; Column 8, lines 27-39; and Column 8, line 55 to 
Column 9, line 25; in the case of adding a user to the ACL, the 
previous entities listed in the ACL (the ACL inherited from the 
ascendant in this case) will still have access, as that previously 
inherited ACL is copied and then changes are made, such as 
adding users. The new user is additionally provided with access to 
the resource and any resources that inherit the ACL of this 
resource); and 

An act of identifying and granting one or more other rights in 
the new non-overlapping security zone to one or more additional 
principals in accordance with the new common security rules, 
wherein identifying and granting the one or more rights is 
performed subsequent to the act of splitting the existing non- 
overlapping security zone into the new non-overlapping security 
zone and the remnant of the existing non-overlapping security 
zone, and wherein granting the one or more rights includes 
assigning the other rights to the new non-overlapping security zone 
collectively granting the other rights to each item in the identified 
grouping of data items and method items through the assignment of 
the other rights to the new non-overlapping security zone, the other 
rights differing from the existing rights (Figures 4-5; Column 7, lines 
41-64; Column 8, lines 27-39; and Column 8, line 55 to Column 9,
line 25; in the case of adding a user, this new user is provided with 
rights to the resource and any resources that inherit the ACL of this 
selected resource, for example). 

But does not appear to explicitly disclose labeling each of 
the items in the identified grouping of data items and method items 
with a security zone enumeration corresponding to the new non- 
overlapping security zone to represent that the identified grouping 
of data items and method items are contained in the new non- 
overlapping security zone. 

Nowicki, however, discloses labeling each of the items in the 
identified grouping of data items and method items with a security 
zone enumeration corresponding to the new non-overlapping 
security zone to represent that the identified grouping of data items 
and method items are contained in the new non-overlapping 
security zone (Figures 5 and 7; Column 8, lines 25-54; and Column 
9, lines 1-9; changing partition identifiers and/or directory identifiers, 
for example, to indicate that the item is in a specific/new partition or 
directory); and 

That each non-overlapping security zone can contain both 
method and data items (Column 3, line 61 to Column 4, line 3; 
Column 6, line 48 to Column 7, line 10; and Column 12, lines 26-
36; showing resources being data and method items, placing a
slower process in a partition/zone dedicated to slower processes,
and that each partition may include both data and method items). It 
would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the partitioning 
techniques of Nowicki into the access control system of Glasser in 
order to allow the system to dynamically arrange and rearrange 
items stored in a file hierarchy in such a manner that they can be 
moved to a partition dedicated to the particular type of item and the 
partitions can be merged in the case that multiple partitions are to 
have the same policies, and/or to allow for explicit designation 
within a file handle for each file/item as to which partition and 
directory the file/item currently resides. 

Regarding Claim 34, 

Claim 34 is a computer program product claim that 
corresponds to method claim 24 and is rejected for the same 
reasons. 

Regarding Claim 25, 

Glasser as modified by Nowicki discloses the method of 
claim 24, in addition, Glasser discloses that specifying the one or 
more additional principals is performed by the one or more main 
principals (Column 7, lines 41-54; the user is verified as having 
appropriate permissions for the resource(s)). 

Regarding Claim 38, 

Claim 38 is a computer program product claim that
corresponds to method claim 25 and is rejected for the same 
reasons. 
Regarding Claim 27, 

Glasser as modified by Nowicki discloses the method of 
claim 24, in addition, Glasser discloses the rights being security 
rights (Column 7, lines 41-64; Column 8, lines 10-39; and Column
8, line 55 to Column 9, line 25).
Regarding Claim 40, 

Claim 40 is a computer program product claim that 
corresponds to method claim 27 and is rejected for the same 
reasons. 
Regarding Claim 28, 

Glasser as modified by Nowicki discloses the method of 
claim 24, in addition, Glasser discloses the rights being auditing 
rights (Column 7, lines 41-64; Column 8, lines 10-39; and Column
8, line 55 to Column 9, line 25).
Regarding Claim 41,

Claim 41 is a computer program product claim that 
corresponds to method claim 28 and is rejected for the same 
reasons. 
Regarding Claim 36, 

Glasser as modified by Nowicki discloses the method of
claim 24, in addition, Glasser discloses that the existing common 
security rules comprise a second ACL defining the rights a principal 
has to the items in the remnant of the existing non-overlapping 
security zone (Column 7, lines 41-64; Column 8, lines 10-39; and
Column 8, line 55 to Column 9, line 25). 

Regarding Claim 42, 

Claim 42 is a computer program product claim that 
corresponds to method claim 36 and is rejected for the same 
reasons. 

Regarding Claim 37, 

Glasser as modified by Nowicki discloses the method of 
claim 24, in addition, Glasser discloses that the new common 
security rules comprise a second ACL defining the rights a principal 
has to the items in the new non-overlapping security zone (Column 
7, lines 41-64; Column 8, lines 10-39; and Column 8, line 55 to 
Column 9, line 25). 

Regarding Claim 43, 

Claim 43 is a computer program product claim that 
corresponds to method claim 37 and is rejected for the same 
reasons. 

Regarding Claim 44, 

Glasser as modified by Nowicki discloses the method of
claim 24, in addition, Glasser discloses that the act of granting 
other rights in the new non-overlapping security zone to one or 
more additional principals in accordance with the new common 
security rules comprises an act of granting a set of rights in the 
non-overlapping security zone to the one or more additional 
principals so as to collectively grant the set of rights to the one or 
more additional principals for each item in the new non-overlapping 
security zone, the set of rights including one or more rights selected 
from among read, write, delete, and execute (Column 7, lines 41- 
64; Column 8, lines 10-39; and Column 8, line 55 to Column 9, line 
25). 

Regarding Claim 45, 

Claim 45 is a computer program product claim that 
corresponds to method claim 44 and is rejected for the same 
reasons. 



Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of 
time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is 
filed within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened statutory
period, then the shortened statutory period will expire on the date the advisory 
action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be
calculated from the mailing date of the advisory action. In no event, however, will 
the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to JEFFREY D. POPHAM whose telephone 
number is (571)272-7215. The examiner can normally be reached on M-F 9:00-
5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Ashok Patel can be reached on (571)272-3972. The fax 
phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from
the Patent Application Information Retrieval (PAIR) system. Status information
for published applications may be obtained from either Private PAIR or Public
PAIR. Status information for unpublished applications is available through
Private PAIR only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
If you would like assistance from a USPTO Customer Service
Representative or access to the automated information system, call
800-786-9199 (IN USA OR CANADA) or 571-272-1000.

Jeffrey D Popham 
Primary Examiner 
Art Unit 2491 

/Jeffrey D Popham/ 

Primary Examiner, Art Unit 2491 



